CVE-2025-4802

Exploit

EPSS 0.01%
Veröffentlicht 16.05.2025 19:32:50
Zuletzt bearbeitet 03.11.2025 20:19:11
Quelle 3ff69d7a-14f2-4f67-a097-88dee7
CVE-Watchlists
Login
Unerledigt
Login

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Glibc Version >= 2.27 <= 2.38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.008

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

Patch

https://sourceware.org/bugzilla/show_bug.cgi?id=32976

Issue Tracking

http://www.openwall.com/lists/oss-security/2025/05/16/7

Mailing List

http://www.openwall.com/lists/oss-security/2025/05/17/2

Exploit

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html

https://nvd.nist.gov/vuln/detail/CVE-2025-4802

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4802

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4802

EUVD